
The Banking Group


Presentation Transcript


  1. The Banking Group Jeremy Attali Josh Gerdes William Kormos Matt Tjarks

  2. Basic Diagram

  3. Corporate Office
     • Availability
       • Availability is a basic element of security.
       • If it’s not available, then the customer may take their business elsewhere.
       • Have 2 different Internet access connections
         • 1 for the web server inside the DMZ
         • 1 for the employees who need an Internet connection
       • 2 firewalls before accessing the secure network
         • This is to allow for greater availability in case of malfunction, Denial of Service (DoS) attacks, etc.

  4. Corporate Office - DMZ
     • Integrity
       • Integrity is important so that you know unauthorized users did not change your data.
     • 1st Firewall - Webserver
       • Allows for the availability of an outside web presence through the DMZ, and protection of inside assets.
       • Keeps actual account data safe by allowing the web server to communicate requests to a database server further back

  5. Corporate Office - DMZ
     • Firewall 2 - Webserver
       • Allows for IPSec (which is used to protect Confidentiality) from ATMs, so that the ATMs can directly access the account information needed.
     • Separate network to protect critical data
       • Allows for the account database information to be protected and separated from the rest of the network
       • If one machine is pwn3d, then the client data is still theoretically safe

  6. Corporate Office – Secure Network
     • Firewall 1 & Router
       • 1st protection against possible attack from the Internet
       • Very strong policies
     • Firewall 2 and Switch
       • Separate network to protect critical data
       • Allows for the account database information to be protected and separated from the rest of the network
       • If one machine is pwn3d, then the client data is still theoretically safe

  7. Corporate Office
     • Inside It All
       • Loan Department
         • Part of work is local, part is run in the data center
         • VPN connection to 3rd party provider
       • Teller Services
         • Workstations that connect to the Teller Services Server (TSS) in the Data Center.
         • Tellers can only access the TSS from their systems.
       • Data Center
         • Contains all critical servers
       • Etc

  8. Corporate Office
     • 1st Firewall Rules
       • Pass IPSec packets to the 2nd router
       • Allow outside to the web server in the DMZ over SSL HTTP; otherwise, drop
       • Allow outside HTTP to inside
       • Allow the web server in the DMZ to reach the database server inside, with encryption

  9. Corporate Office
     • 2nd Firewall Rules
       • Allow teller services access from the inside to the DMZ for account updates
       • Allow outside to the DMZ for web server and ATM changes to accounts
       • Allow HTTP to travel through from outside to inside so employees have Internet access

  10. Branch Office

  11. Branch Office
     • Firewall/Router
       • Allow IPSec to travel from the branch to the database for account updates
       • Allow HTTP in to certain machines
       • Set up a VPN connection in the Loan Department to communicate with 3rd party providers
       • Have a secondary network set up in the DMZ for traveling employee auditors to have net access but not necessarily local net access

  12. Demo
     • Router
       • Set up to simulate the first set of routers
     • Firewall
       • Set up like the first firewall
     • Webserver
       • Set up like a basic website that could be used to display account balance info
     • Database
       • Stores names and balances, very basic for demo purposes

  13. Database Rules
     • Teller
       • Can read the database to look up customers
       • Has account balance write only
       • Cannot update balance if employee name matches account name
     • Branch President
       • Has account name write privileges
         • Useful if customer changes name for some reason
       • Has full read privileges
       • Can add or remove accounts
       • No balance update privileges
     • Bank President
       • Has read access to everything for audit purposes
       • No write access

  14. Optional Wireless access
     • The idea
       • Let customers have Internet access inside the corporate office or a branch office
       • Control the content
       • Filter traffic
     • The problem
       • We don’t want to open the connection to the entire world
       • Especially, we don’t want employees to have access to the wireless

  15. Optional Wireless access

  16. Optional Wireless access
     • Some Solutions
       • Use MAC filtering
         • Easy to implement
         • Hard to control
         • Pain for customers
       • Use a 3rd party solution
         • Cisco Unified Wireless Network
         • Hard to implement
         • Provides good protection
         • Expensive

  17. The End
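
The database rules on slide 13, sketched as an authorization layer in front of a demo-style names-and-balances table. This is an added example, not code from the presentation: the role identifiers, function names, sample accounts and the case-insensitive name comparison are assumptions, and "account balance write only" is read here as write access to the balance field alone.

```python
import sqlite3

# Role -> permitted actions, transcribed from the Database Rules slide.
# The identifiers themselves are assumptions made for this example.
PERMISSIONS = {
    "teller": {"read", "update_balance"},
    "branch_president": {"read", "rename_account", "add_account", "remove_account"},
    "bank_president": {"read"},  # audit role: reads everything, writes nothing
}

class Denied(Exception):
    """Raised when a rule forbids the requested operation."""

def authorize(role, action, employee=None, account=None):
    if action not in PERMISSIONS.get(role, set()):  # unknown roles get nothing
        raise Denied(f"{role} may not {action}")
    # Separation of duties: no balance change on an account whose name matches
    # the employee's own. Missing names compare equal, so the check fails closed.
    same = (employee or "").strip().lower() == (account or "").strip().lower()
    if action == "update_balance" and same:
        raise Denied("employee name matches account name")

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("Alice Example", 1000), ("Terry Teller", 500)])  # constructed rows
    return db

def read_balance(db, role, account):
    authorize(role, "read")
    row = db.execute("SELECT balance FROM accounts WHERE name = ?", (account,)).fetchone()
    return row[0] if row else None

def update_balance(db, role, employee, account, new_balance):
    authorize(role, "update_balance", employee, account)
    db.execute("UPDATE accounts SET balance = ? WHERE name = ?", (new_balance, account))

def rename_account(db, role, old, new):
    authorize(role, "rename_account")
    db.execute("UPDATE accounts SET name = ? WHERE name = ?", (new, old))

def attempt(fn, *args):
    """Run an operation and return 'ok' or the denial reason."""
    try:
        fn(*args)
        return "ok"
    except Denied as exc:
        return f"denied: {exc}"
```

Every operation calls `authorize` before touching the table, so a denied request never reaches the SQL statement; the name-match check depends on the application knowing which employee is acting, which the slide implies but does not describe.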
